New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How do you think about mandatory ID verification for domain/hosting account?
This is the news that came out a few months ago...
To prevent pirate sites, copyright groups and media companies want providers to perform KYC (Know your customer) procedures like banks. Brein first came up with the idea, and they sent letter to the European Commission hoping that the regulation applies whole EU countries.
If KYC is mandated, EU providers or non-EU resellers who lease servers in the EU are obligated to verify the customer's ID card, passport, and physical address.
What do you think about this? I wonder how providers really think about.
Are you in favor of mandatory KYC?
- Are you in favor of mandatory KYC?109 votes
- Yes14.68%
- No85.32%
Comments
Well as a host it can be extremely useful for preventing lots of illegal things that aren't related to piracy.
It will kill hosting industry in all EU countries when you can host in UK or USA without such restrictions. I hope it happens just so the EU lawmakers get hatemail from established big players as they lose market share to UK hosts at that point. I really do hope that it happens so I can see everything burn down cause we deserve it for being in this new soviet union of retarded law makers.
I used to think UK was nuts for leaving but seeing these new laws I have realized how lucky they are now.
I wish to congratulate @Clouvider already for an excellent choice of being an UK host in this current situation as im 100% sure that this law will pass unchanged due to lobbyists.
I will completely ditch OVH and @Hetzner_OL at that point and rent all of my servers from UK just to tip the balance even more to get my "Fuck EU laws." message across. Normal consumer can only vote with his money and purchase decisions in todays world.
I'm not against KYC per se, but the problem for me is how to implement it on a purely technical level. Forcing providers to apply KYC without giving them an efficient, cheap and automated way of doing so will simply kill the european hosting business.
Scanning passports/drivinglicenses etc is a timeconsuming and labour intensive process, it simply does not scale at all. And its not really a good way to establish someones identity anyway.
Some countries like Sweden have a well established infrastructure with digital identification standards that basically eliminates the problem, while other european countries are decades behind.
As long as their is no common, cheap, well established and efficient way of doing KYC in every country, forcing providers to do it equals forcing providers to move elsewhere or simply go out of business.
ePassport/eID is standard for a couple years in EU thus within the next time everyone should have an electronic verfiable national authentication.
The problem is, as you pointed out, how to deal with "every" country.
So would a hosting company have to verify the validity of a scanned passport? As in, would they be on the hook that it's a 100% genuine passport scan, free of Photoshop doctoring?
I'm in favor of preventing abuse, but there are too many legitimate reasons for hosting something anonymously. Think of whistleblowing, criticizing the government, companies, etc.
Even this is widely adopted in EU - The question and how Swedish company will verify it's non eu customers as they operate from Sweden they will be obliged to verify any one of their customers no matter european or not no matter servers in eu or on
this will be totally unverifiable...
(Non EU customer buing hosting in EU, form a EU company)
(Non EU customer buying hosting, outside EU from EU company)
(Non EU customer buying hosting in EU from non EU company)
End result will be EU hosting for EU citizens only, EU hosting companies selling to EU citizens only (as no one will buy their non eu hosting if company is regulate to ask for documents from any customer) and EU servers / cloud rented to resell as hosting in EU from EU companies only as it will be too much a burden from non EU company to comply instead of choosing UK
I was thinking more like the Swedish BankID, which allows electronic identification on websites, e-commerce, software or whatever, without any physical integration at all. In Sweden BankID is getting more and more accepted, to the point where you no longer need to signup on many services or sites, you simply login with your BankID and they have all the information they need. We do all kinds of banking, pay our taxes, buy stuff from retailers and even login to certain systems at work using our BankID. Last time I checked something like 8 million people use it regularly, which is pretty good for a country with 10 million citizens considering the missing 2 million are probably children or tinfoilhats.
The problem is that it's a Swedish thing so it wont work everywhere.
Don't care really.
I will say I am in favor of it.
EU should require every website to have an Internet Content Provider certification. The website owner must appear in front of a government officer with their ID before their server comes online. If their website contains any user generated content, they are required to moderate the content before it becomes visible, and they must provide a 24/7 phone number to the government and delete whatever content deemed inappropriate within 15 minutes of receiving a phone call.
Copied from China law.
eID is the light version of it. Only works for identification, not online banking, but should allow to provide all required information similar to your BankID. I think in Sweden you also have eID function in your national ID (at least newer issued IDs).
I will never share my personal infos with hosting providers except google
Yes we do have eID, but eID requires hardware such as a cardreader and the actual id-card and is not that easy to implement on a provider level, so nobody really uses it.
BankID is software only and takes minutes to implement.
A really ugly way to brutally cut down EU providers revenue or to even kill them.
If there is one thing one can rely on it's that EU politicians always and reliably find and pick the worst solutions.
Remember the golden rule:
If China or Russia does something, it proves that they are evil dictatorships.
If the EUSA do the same thing years later, they are still a glorious constitutional democracy.
I predict it will be like the german dataretention. It will be made into a law, and has to be implemented by companies. Then someone will sue, and 3 years later a high court rules that it is illigal in its current form. Then the law will be revised, someone will sue again, and the court rules that it is still illegal in its current form. Then the law will be revised, someone will sue again, and ... .
True story! And very sad!
I also find it sad that the EU is uncle sams bitch, and follows most of his orders, while he himself often doesn't. Sam is always like "Do as I say, not as I do!". (BREIN = Rightsholder industry = predominantly USA.). I bet US hosters won't have to do this, although the rightsholders have a strong lobby in the US.
I'm definitely in favour of KYC. It prevents chargebacks, abuse and fraud IMO.
"Don't be evil", most of people use your data in illegal activity, so certainly i am not in favour with KYC.
Let's just hope this nonsense never happens.
Nope I am not giving any of my ID to providers. However it doesn't look anything serious, the named groups who propose that are known butthurt possessors because many hosts ignore their constant emails with threats, so this move is some kind of revenge.
I understand the intention and need behind this, but as a consumer, I'm not sure I could trust how well the providers could store this kind of data...
I mean it's one thing to know billing address (something that can be easily found on a receipt), but having it on an ID card just makes me feel like it's easier for identity theft to occur, if that data were ever stored improperly / leaked.
LOL...that would be an identity theft fest.
No way I'm sending my ID to any provider. You think the average LET host has the infrastructure to properly handle this kind of PII? Now instead of just Solus databases being leaked we'll also see tarballs of people's passports.
tbh id support this for some domains so long as there are anonomous domains ie .anon or somethin that dont require verification
That's not how it works.
Providers are required to get name, address and contact information from their customers, not their actual id cards or passports. Most of them already collect that information today, the only difference is that they by the new law would be required to collect it and to some extent verify it.
OK, but I read this...maybe OP is wrong?
Correct KYC as it's commonly accepted today within the UK/EU is about verifying you really do know who you are dealing with. That means not accepting what the customer tells you but actually verifying it.
So if this got approved, which I have no doubt it won't then a customer would need to both prove who they are (passport/ID/etc) as well as providing proof of address (bills/statements/etc).
If this happens, only the large providers will get tremendous benefit.
Laws and regulations are a good way to deter the competition. Smaller providers will not have the infrastructure to safeguard PI, so their business will become illegal. Or the customers won't trust them enough to provide ID.
Result, smaller providers will close shop = less competition for larger providers.
https://torrentfreak.com/images/eu-letter-dsa.jpg some of those are well known clowns that sue every provider, I can show some screenshots of the email correspondence sent by them where they speak in aggressive and disrespectful form to providers regarding some content hosted by customers. They don't care about personal free speech preferences and would censor everything if they had power to do so.
OP is not wrong, but verifying your address does not mean that the provider will have your passport in their database. Or at least it shouldn't mean that, but today's lawmakers are known to be really stupid on a regular basis.
For example, the Swedish solution called BankID.
I sign up somewhere, claiming to be the Swedish Chef. The provider gets my information and ask the BankID belonging to the Swedish Chef to sign it. I, the Swedish Chef, opens my BankID application and signs that request.
The provider now knows that their customer is the Swedish Chef but they still do not have my passport, ID card, or any other information that they do not need.
This is how it should work, but the problem as I stated earlier is that solutions like BankID are not common outside of Scandinavia, and on the few places they do exist they are not standardized.
@rcy026 the context you are bringing is quite unrelated to this topic. It doesn't seem you understand the difference between required KYC and required real identity information. They are completely different cases.
Then please explain it to me, because I was under the illusion that I fully understand it since it is part of what I do.